{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33771", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2026-03-23T19:46:13.667Z", "datePublished": "2026-04-09T21:33:57.007Z", "dateUpdated": "2026-04-09T21:33:57.007Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CTP OS", "vendor": "Juniper Networks", "versions": [{"lessThanOrEqual": "9.2R2", "status": "affected", "version": "9.2R1", "versionType": "semver"}]}], "datePublic": "2026-04-08T04:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device.<br><br>The password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can be verified with the menu option \"Show password requirements\". Failure to enforce the intended requirements can lead to weak passwords being used, which significantly increases the likelihood that an attacker can guess these and subsequently attain unauthorized access.<br><p><br></p><p>This issue affects CTP OS versions 9.2R1 and 9.2R2.</p>"}], "value": "A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device.\n\nThe password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can be verified with the menu option \"Show password requirements\". Failure to enforce the intended requirements can lead to weak passwords being used, which significantly increases the likelihood that an attacker can guess these and subsequently attain unauthorized access.\n\n\n\nThis issue affects CTP OS versions 9.2R1 and 9.2R2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 9.1, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/RE:M", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-521", "description": "CWE-521 Weak Password Requirements", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-04-09T21:33:57.007Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://kb.juniper.net/JSA107864"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 9.3R1, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: 9.3R1, and all subsequent releases."}], "source": {"advisory": "JSA107864", "defect": ["1924398"], "discovery": "USER"}, "title": "CTP OS: Configuring password requirements does not work which permits the use of weak passwords", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.<br>"}], "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device.\n\nThe password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can be verified with the menu option \"Show password requirements\". Failure to enforce the intended requirements can lead to weak passwords being used, which significantly increases the likelihood that an attacker can guess these and subsequently attain unauthorized access.\n\n\n\nThis issue affects CTP OS versions 9.2R1 and 9.2R2."}], "id": "CVE-2026-33771", "lastModified": "2026-04-09T22:16:25.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2026-04-09T22:16:25.430", "references": [{"source": "sirt@juniper.net", "url": "https://kb.juniper.net/JSA107864"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-521"}], "source": "sirt@juniper.net", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[9.2R1,9.2R2]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "ctp_os", "vendor": "juniper_networks"}], "analysis": {"en": {"generated_at": "2026-04-09T23:26:51.790033+00:00", "value": {"mitigation_remediation": ["Update Juniper CTP OS to version 9.3R1 or newer to apply the vendor patch that correctly enforces password requirements.", "If an immediate upgrade is not possible, limit CLI access to trusted hosts by configuring access lists or firewall filters, thereby restricting the attack surface for credential guessing.", "Verify that new administrative passwords comply with strong password guidelines and are stored securely.", "Periodically review and test the password policy enforcement to ensure that the configuration is being applied as intended."], "summary": {"action": "Immediate Patch", "impact": "Remote Unauthorized Access and Full Device Control via Weak Passwords"}, "threat_synthesis": {"affected_systems": "The issue affects Juniper Networks CTP OS versions 9.2R1 and 9.2R2. The vendor has addressed the problem in later releases, namely 9.3R1 and all subsequent builds. No other vendors or product families are listed in the advisory.", "description_and_impact": "Juniper Networks CTP OS contains a weakness in its password management function. The console interface advertises password complexity requirements that are never saved, allowing administrators to set conditions that do not take effect. This flaw means that local user accounts can be created or changed with passwords that do not meet any strength criteria, leaving them vulnerable to brute\u2011force or other guessing attacks. An attacker who can reach the device over the network and has no credentials could therefore guess a weak password and gain full administrative access, enabling them to compromise, modify, or delete the device configuration, or use the device as a pivot point for further attacks. The vulnerability is a classic example of poor password policy enforcement (CWE\u2011521).", "risk_and_exploitability": "The CVSS score of 9.1 indicates a critical severity with a high likelihood of exploitation. While EPSS data is unavailable, the advisory states the problem can be exploited by an unauthenticated, network\u2011based attacker, implying that the attack might be launched via standard remote management ports such as SSH or console connections. Although the vulnerability is not listed in the CISA KEV catalog, the presence of an official patch and the high base score emphasize the need for timely mitigation. Until the fix is applied, any device running the affected software can be taken over with relatively little effort if weak passwords are present."}}}}, "created": "2026-04-10T08:36:59.312338+00:00", "updated": "2026-04-10T09:27:56.896693+00:00", "vendors": ["juniper_networks", "juniper_networks$PRODUCT$ctp_os"]}